wrong user name is stored in mysql radacct table
we are running freeradius-1.0.5-1.2 and mysql-5.0.27-1.fc5 when i look at the radacct table in the mysql database i see there are a number of entries with a non-existent user. i.e. D4JM4P61\\Kimberly Higgins when i look at the radius.log file i see that the correct user name appears and then the wrong one. why is the wrong one being stored in the database? radius.log -------------------------------------------- Thu Mar 1 20:23:09 2007 : Error: TLS_accept:error in SSLv3 read client certificate A Thu Mar 1 20:23:09 2007 : Info: rlm_eap_tls: Received EAP-TLS ACK message Thu Mar 1 20:23:09 2007 : Info: (other): SSL negotiation finished successfully Thu Mar 1 20:23:09 2007 : Info: rlm_eap_tls: Received EAP-TLS ACK message Thu Mar 1 20:23:09 2007 : Info: rlm_eap_mschapv2: Issuing Challenge Thu Mar 1 20:23:09 2007 : Auth: Login OK: [Khiggins] (from client localhost port 0) Thu Mar 1 20:23:10 2007 : Auth: Login OK: [D4JM4P61\\Kimberly Higgins] (from client 3RE-BCardozo port 547472 cli 000e.35d8.4e66)
Zeli Kartzman wrote:
we are running freeradius-1.0.5-1.2 and mysql-5.0.27-1.fc5 when i look at the radacct table in the mysql database i see there are a number of entries with a non-existent user. i.e. D4JM4P61\\Kimberly Higgins
That is the name sent in the outer TLS tunnel.
when i look at the radius.log file i see that the correct user name appears and then the wrong one. why is the wrong one being stored in the database?
Because that's the name the user is sending in order to login. It's not like FreeRADIUS invents random names, and logs them to SQL. Everything happens because of information the NAS sends in a packet. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Zeli Kartzman